CVE-2021-29337 PoC — Micro Star Dragon Center Security Vulnerability

Associated Vulnerability
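Title: Micro Star Dragon Center Security Vulnerability (CVE-2021-29337)
Description: Micro Star Dragon Center is an application from Micro Star, a company based in Taiwan, China, for managing and controlling MSI components, desktop systems and peripherals. MSI Dragon Center version 2.0.104.0 contains a security vulnerability that stems from the program allowing low-privileged users to access kernel memory and potentially escalate privileges.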
Description
CVE-2021-29337 - Privilege Escalation in MODAPI.sys (MSI Dragon Center)
Readme
# CVE-2021-29337 - Privilege Escalation in MODAPI.sys (MSI Dragon Center) 

## General

- Affected Product: MSI Dragon Center
- Affected Version: 2.0.104.0 
- [CVE MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29337)

## Description
MODAPI.sys, a vulnerable kernel driver shipped with Dragon Center, exposes IOCTL 0x9C406104, which allows low-privileged users to interact directly with physical memory by calling MmMapIoSpace, one of several driver routines that map physical memory into the virtual address space.

Sending valid input and output buffers via DeviceIoControl allows arbitrary manipulation of kernel memory on the latest Windows 10, because user-mode data is passed to the MmMapIoSpace routine. This vulnerability could possibly allow local privilege escalation to NT AUTHORITY\SYSTEM.
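
An added example, not part of the original README or PoC: the check that the description implies is missing, validating a caller-supplied physical range against the device's own MMIO windows before any call to MmMapIoSpace. The request layout, window values and function names are assumptions, since the page does not document the driver's actual buffer format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request layout; the real MODAPI.sys buffer format is not on this page. */
typedef struct {
    uint64_t phys_addr;   /* physical address the caller asks to map */
    uint32_t length;      /* number of bytes to map */
} map_request;

/* Constructed allowlist of MMIO windows owned by the driver's device.
   A real driver would take these from its assigned hardware resources. */
typedef struct { uint64_t base, size; } mmio_window;
static const mmio_window allowed[] = {
    { 0xD0000000ULL, 0x1000ULL },
    { 0xD0100000ULL, 0x10000ULL },
};
#define MAX_MAP_LEN 0x1000u

/* Returns 1 only when the request is well-formed and lies entirely inside
   one allowed window. The IOCTL handler would call MmMapIoSpace only then. */
int map_request_allowed(const void *in_buf, size_t in_len)
{
    map_request req;
    if (in_buf == NULL || in_len != sizeof(req))
        return 0;                              /* reject short or oversized input */
    memcpy(&req, in_buf, sizeof(req));         /* copy once, validate the copy */
    if (req.length == 0 || req.length > MAX_MAP_LEN)
        return 0;
    if (req.phys_addr > UINT64_MAX - req.length)
        return 0;                              /* address + length would wrap */
    uint64_t end = req.phys_addr + req.length;
    for (size_t i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++) {
        if (req.phys_addr >= allowed[i].base &&
            end <= allowed[i].base + allowed[i].size)
            return 1;
    }
    return 0;                                  /* RAM or any other range: refuse */
}

int main(void)
{
    map_request in_window = { 0xD0000100ULL, 0x100 };   /* constructed inputs */
    map_request in_ram    = { 0x00001000ULL, 0x100 };
    printf("in_window=%d in_ram=%d\n",
           map_request_allowed(&in_window, sizeof in_window),
           map_request_allowed(&in_ram, sizeof in_ram));
    return 0;
}
```

Range validation complements, and does not replace, restricting which users can open the driver's device object in the first place.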

## Inspiration from Legends
- [@DownWithup](https://twitter.com/DownWithUpSec)
- [@h0mbre](https://twitter.com/h0mbre_)
File Snapshot

[4.0K] /data/pocs/218432e46ccc29d8c3de330fd7c4fc842969cf67
├── [2.8K] modapi_poc.c
└── [ 935] README.md

0 directories, 2 files